On September 9, Colorado Attorney General (AG) Phil Weiser issued a public advisory warning voters about the dangers of election misinformation and disinformation in the form of realistic-looking images, videos, and audio created using artificial intelligence (AI), known as “deepfakes.” The advisory follows the May 2024 enactment of HB24-1147, an act designed to prevent a broad range of actors from using deepfakes depicting candidates in political communications without properly disclosing the untruthful nature of the communication to voters.

Earlier this month, 20 Democratic state attorneys general (AG) filed an amicus brief supporting the U.S. Food and Drug Administration’s (FDA) marketing denial orders (MDOs) of premarket tobacco applications (PMTAs) for flavored electronic nicotine delivery systems (ENDS or e-cigarettes) currently under review by the U.S. Supreme Court. The brief not only demonstrates which side these states support, but also identifies specific enforcement priorities for these states.

Earlier this year, Governor Josh Shapiro signed amendments to Pennsylvania’s Breach of Personal Information Notification Act (BPINA) into law, which go into effect on September 26. As part of the implementation of these requirements, Pennsylvania Attorney General (AG) Michelle Henry announced the launch of an online portal for companies and other entities to report data breaches that impact more than 500 Pennsylvania residents. As with notification to impacted individuals, covered entities must notify the AG “without unreasonable delay.” This new requirement aligns Pennsylvania’s data breach notification law with the 35 states that have existing notice requirements for the applicable state regulator when a threshold number of state residents are impacted. Many of these states utilize a similar portal for submissions for ease of reporting.

This article was originally published on September 18, 2024 on Bloomberg Law and is republished here with permission.

The Northern District of Texas’s nationwide ban on the Federal Trade Commission’s noncompete rule isn’t a complete bar to government enforcement. The rule sought to curb unfair methods of competition and would have voided employees’ noncompete provisions. It required employers to send notice that noncompete agreements are no longer enforceable.

In this episode, Chris Carlson, an associate in the Regulatory, Investigations, Strategy and Enforcement (RISE) practice, joins Brooke and Chris to discuss how federal and state regulators are collaborating on consumer protection investigations. The team discusses a recent order and action against an Arizona-based auto dealer for multiple Unfair or Deceptive Acts or Practices (UDAP) violations. While contemplating whether this is a growing trend, the trio meanders into discussions about the CARS Rule and the potential impact of November’s election on the industry.

In August, the U.S. Food and Drug Administration (FDA) issued a new proposed rule that would require importers of electronic nicotine delivery system (ENDS) products to provide an FDA-issued submission tracking number (STN) to U.S. Customs and Border Protection (CBP) for imports of such products. This rule could result in the denial of entry for ENDS imports for which the manufacturer has not submitted a premarket tobacco product application (PMTA) to FDA.

In a recent amicus brief submitted to the Colorado Supreme Court, the Colorado Attorney General’s (AG) office has expressed its support for plaintiffs in a case that raises questions about the interplay between Colorado’s landlord-tenant laws and the Colorado Consumer Protection Act (CCPA). The case involves allegations that Home Partners Holdings LLC and its affiliates included illegal fees and provisions in their form leases, misleading tenants about their rights and obligations under Colorado law.

On September 4, Texas Attorney General (AG) Ken Paxton filed a lawsuit against the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), challenging two key Health Insurance Portability and Accountability Act (HIPAA) rules — the 2000 Privacy Rule and the newly implemented 2024 Privacy Rule. These rules were enacted to protect the privacy of individuals’ protected health information (PHI) under HIPAA. Texas argues that these rules unlawfully limit state investigators’ ability to access PHI, impeding the enforcement of state laws.

Dear Mary,

I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get back up and running so swiftly, do we still need to determine whether the incident is material and report it?

Sincerely,

– Concerned Executive

Molecular diagnostics company Enzo Biochem, Inc. has reached settlements resolving investigations in relation to a 2023 data breach by the attorneys general (AG) for Connecticut, New Jersey, and New York. Enzo has agreed to pay the states a total of $4.5 million, as well as institute and maintain new data security protocols.